IETF Logo Mail Archive

Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)

"Gould, James" <jgould@verisign.com> Mon, 06 August 2018 13:47 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95755130ED2; Mon, 6 Aug 2018 06:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CXpAwWYQ2lrR; Mon, 6 Aug 2018 06:47:31 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2A08130EC8; Mon, 6 Aug 2018 06:47:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=4960; q=dns/txt; s=VRSN; t=1533563251; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=AnTgs/IUFUmOShtsc2Ld5U3kg7Op+05t14apC6AgghA=; b=MJuFEghSQdnvfkoAVlTbgrvrljAI5OFjn4fRYRmtcVL9k4y16mvy1hBt Wa6XszV00oLIPdscR4dGrUtQqs/9BzvVRfgzYHDoxftU2+sAb+AaDqvAX Ubhlud+PSCS/RMoofIX3mjg3VNeej9wqsimjyzbnP9uFm5K4TrS7CmDgD BdRsbR3BiymjhrBjBsbeXsGA0+UQYgChDSutE0V7D6tY4ArSPUJSjYm0E T4mIdiqZKetfrS7drRiz0/v2HObWLRwfXqWfM6xIXtw6fTNY07z1Knycn YGQvHeH26pV2SoAsmsI8AMUKhCtCzO62NPGAXdVFnPK/QbHJFw8ZbHVIL Q==;
X-IronPort-AV: E=Sophos;i="5.51,452,1526342400"; d="scan'208";a="5103859"
IronPort-PHdr: 9a23:hxk9tBW90JAuTFZPQM7mx0UpZ6rV8LGtZVwlr6E/grcLSJyIuqrYZReFuKdThVPEFb/W9+hDw7KP9fy4BypYud6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLRi6txndutULioZ+N6g9zQfErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmUwHjhjsZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXTndDUMlMTSxMGoOyYZUSAeodM+hWrIf9qFkAohu/GQaiC+zgxyRUhnDt2K02z/gtHBvE0QEmAtkAsG7UrNLwNKoKX+y7za7IzSjHb/xLwTv29YzGfQokof6SRrJ8f9faxE4tFwPKiVWQtIjlMC6O2+QTrWeb9etgVfmui24orQF9uCSgxsApioTQgI8e117K9SJ8wIkvJN24TlZ2YcC6H5tKtiGaLIp2QswkQ2FpviY11qcKtoK8fCgP0JgnxgDQa+CJc4SS5RLjTumRLDFlj3xmYLKynwu+/VS6xuHhVMS53kxGojdFn9TCrHwA2Bje5tCaRvdh5EutxDSC2xzJ5u1ZLk05lrDXJ4Miz7IomJocr0fOEjPzlUjzlqCbdUEp9fOt5unpfLnpu56ROopvhQz6M6kjmMmyDOo2PwUMQmeW//m32qf58k3jWrpKi+U7kqzesJ/HO8sWvrW5AwpJ0oY77Ba/Eium3MwYnXYZKFJFfwqKgpX1NV/WPfz3De+xjVutnzt32fzKJKPhDYnKLnjZiLftZ6xy5FNGxAot19Bf/JRUBqsdL/L0X0/9rN3YDhknPAyo2+vrFclx2pkDVW+NDKKVKr7evF+G6+41LOSBYJcZuDPnJPgk4/7ug2U5mVgYfaSx35sXZ3e4HuliI0qEenfsnMkOEX0LvgolTezqh1uCXSRPaHa1WqIw/is7B56+DYffWoCth6SM3CalEZ1KaGBLEVOMEWr2eIWEX/cDdiyTIs5nkjMZT7ShTZEu1Q22vg/g17VnNvbU+jEftZ/71dh6+fbTlR4p+Dx1Ecudz2+NQ3tznmMSSD88xLp/rlBlylefzah4hORVGsFJ5/xTXAc6KYfQz+1kBNDuVALNZ82JR0ipQtq4DjAxUss9zMUKY0Z5HNWtkgrM3zarA78SkbyHHYA08qXf33fvIcZw0HfG27c9j1koWMdPMnemhqFn/QjJG4HJi1mZl7qtdakExC7C7nuDzXCPvE5EUw58VqTFUm4DZkvYttn2+13NQKG2Cbs7NQtB09CNJrFNat3zglVMXO3jN8jGY2Kth2ewAg6FxqmSY4rlZWoc0zndBFEYnAAT53mGNBI+Bjy6rmLfEjNuCVzvb1nr8elkp3OxVlU0wB2Sb019y7q1/QYYheSZS/4Iw70EvzshpC9yHFmgw93WDMCMqBZmfKVZedk9+ktI1XrFtwxhOZytN7piiUARcwtpsELuyw56CoRensg2onMm1g1yKbiX0AAJSzTN+JHqOLSfCf3y+B2waqjakgXf3cqY0qQS5fQ8pkriug3vEEc+pTEv79lYm1qx3bqCWAsfSp3ZU0sr+V59vb6MMQcn4IaBn1JrLK249nfg0tckH6FtnhSveMpbPIuaGRXzCMwVAY6lL+l8yAvhVQ4NIO0HrP18BMihbfbTnffzZOs=
X-IPAS-Result: A2GWAAAaUGhb/zGZrQpYAxsBAQEBAwEBAQkBAQGEMYEnCoN1iAmOLoNhkisUgSsXJAsTEAuEPgIXgzE0GAECAQEBAQEBAgEBAoEFDII1JAEOLxwvCAEFAQEBAQEBJwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAc1EgEaBiMRNw4QAgEIGgIfBwICAjAVBQsCBAEJBAWDIAGCDqtNgS6KUIELiBWBQj6BEicME4JMgxsCAQIBgSoBEgEJFhcKJoI6MYIkAod8kjcDBgKGGIp4RoNbiDKCA4YcgkyHTAIEAgQFAhSBQYEaWBEIcBU7KgGCPgmCHBcRgzSFFIU+bwEMJI0qgR+BGwEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Mon, 6 Aug 2018 09:47:29 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1466.003; Mon, 6 Aug 2018 09:47:29 -0400
From: "Gould, James" <jgould@verisign.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
CC: "draft-ietf-regext-allocation-token@ietf.org" <draft-ietf-regext-allocation-token@ietf.org>, Patrick Mevzek <patrick+ietf@deepcore.org>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
Thread-Index: AQHULXwIuQgoQ/KalEyd9mS1WgpEHKSyvRCA
Date: Mon, 06 Aug 2018 13:47:29 +0000
Message-ID: <32AED330-D0FD-445C-9999-8AF31FF0E807@verisign.com>
References: <153355638132.26613.6843756928813998023.idtracker@ietfa.amsl.com>
In-Reply-To: <153355638132.26613.6843756928813998023.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.e.1.180613
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A4B49C32C02CA04DB77FEF01EEDB1FE3@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/kn8s6ok8Rpe1Pu0X715oXBs0JMQ>
Subject: Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 13:47:34 -0000

Mirja,

Thank you for your review and feedback.  My responses are embedded below.
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 

On 8/6/18, 7:53 AM, "Mirja Kühlewind" <ietf@kuehlewind.net> wrote:

    Mirja Kühlewind has entered the following ballot position for
    draft-ietf-regext-allocation-token-09: No Objection
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/
    
    
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    Two quick questions (and I'm really no expert here, so these questions might be
    stupid):
    
    1) Why should the check return 'unavailable' if the object does not require an
    Allocation Token but the check is send with an Allocation Token (sec 3.1.1)? Is
    that obvious to everybody else but me or should that maybe be further explained
    in the doc? And inline with that, why is it not a MUST to return 'unavailable'
    if a Token is required but the sent token doesn't match?
    
JG - The draft really doesn't discuss the case where the object does not require an Allocation Token and the check command includes the Allocation Token, but it does cover the two cases where the object does require an Allocation Token and the passed  Allocation Token matches (MUST return available) and doesn't match (SHOULD return unavailable).  The check command, per RFC 5731, supports many domain names in a single command, and it provides "a hint that allows a client to anticipate the success or failure of provisioning an object using the <create> command" .  The Allocation Token in draft-ietf-regext-allocation-token is a single value that is applied to all domain names, where we don't want the protocol to be overly strict in defining the availability value.  The most strict policy would be to return all domain names that don't require an Allocation Token or where the Allocation Token doesn't match as unavailable.  Since the Allocation Token may apply to only one of the domain names in the list, the protocol only requires (MUST) the server to return an Allocation Token match as available.  The Allocation Token mismatch is treated as a SHOULD and a non-applicable Allocation Token is undefined to enable server-policy to determine the behavior.  Does this make sense?  


    2) Why is this mechanism not applied to delete, renew, and update?
    
JG - Allocation is when the server assigns the sponsoring client of an object based on the use of an Allocation Token credential, which is not applicable to a delete, a renew, and an update.  The common case for allocation is with the use of the create command and the less common case for allocation is with the use of the transfer command (e.g., transfer from server to sponsoring client).  The draft did initially include support for an extended update that defines a new verb like "allocate", but the WG agreed to remove the extension of the update.

v2.23.0 | Report a Bug | By Email